Caldera Security Advisory - Volution Manager: Directory Administrator password in cleartext
______________________________________________________________________________ 


                Caldera International, Inc. Security Advisory 


Subject: Volution Manager: Directory Administrator password in cleartext 
Advisory number: CSSA-2002-024.0 
Issue date: 2002 June 3 
Cross reference: 
______________________________________________________________________________ 



1. Problem Description 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 


        This vulnerability will be corrected in the next release of 
        Volution Manager. 



2. Vulnerable Supported Versions 



        System Package 
        ---------------------------------------------------------------------- 
        Volution Manager 1.1 Standard 



3. Solution 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 
        The password line looks similar to this: 


                rootpw <clear_text_password> 


        Caldera strongly recommends that you encrypt this password, 
        using the following steps: 


        As the root user, run slappasswd, entering your desired 
        password at the prompts (the example uses newpasswd as the new 
        password; the password will not be seen as you type it). 


        # slappasswd 
        New password: newpasswd 
        Re-enter new password: newpasswd 
        {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
        # 


        The output is the new, encrypted password. In the file 
        /etc/ldap/slapd.conf, replace the previous rootpw line with a 
        line containing the new, encrypted password so that the line 
        looks similar to this: 


                rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
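
        An added example, not part of Caldera's advisory: a Python check
        that reports which rootpw lines in slapd.conf text are still
        cleartext and confirms that an {SSHA} value has the
        digest-plus-salt layout. The sample configuration, the rootdn
        value and the function names are constructed for illustration.

```python
import base64
import hashlib
import os
import re

# An active rootpw directive starts in column 0; '#' lines are comments.
ROOTPW = re.compile(r"^rootpw\s+(\S.*?)\s*$", re.IGNORECASE)
SCHEME = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")

# Constructed sample; the {SSHA} value is the example printed in the advisory.
SAMPLE_CONF = """\
rootdn "cn=admin,dc=example,dc=com"
# rootpw oldsecret
rootpw newpasswd
rootpw {CLEARTEXT}newpasswd
rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz
rootpw {SSHA}not-base64!
"""

def make_ssha(password, salt=None):
    """Build an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(4) if salt is None else salt
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def classify_rootpw(value):
    """Return 'cleartext', 'malformed' or 'hashed:<SCHEME>'."""
    m = SCHEME.match(value)
    if not m or m.group(1).upper() == "CLEARTEXT":
        return "cleartext"  # no scheme prefix, or explicitly stored in the clear
    scheme, body = m.group(1).upper(), m.group(2)
    if scheme == "SSHA":
        try:
            raw = base64.b64decode(body, validate=True)
        except ValueError:
            return "malformed"
        if len(raw) <= 20:  # 20-byte SHA-1 digest must be followed by a salt
            return "malformed"
    return "hashed:" + scheme

def audit_slapd_conf(text):
    """Return (line_number, classification) for each active rootpw line."""
    return [(n, classify_rootpw(m.group(1)))
            for n, line in enumerate(text.splitlines(), 1)
            if (m := ROOTPW.match(line))]
```

        Calling audit_slapd_conf() on the contents of
        /etc/ldap/slapd.conf returns one entry per active rootpw line;
        any entry marked cleartext still needs the slappasswd step above.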



4. References 


        Specific references for this advisory: 
                none 


        Caldera OpenLinux security resources: 
                http://www.caldera.com/support/security/index.html 


        Caldera UNIX security resources: 
                http://stage.caldera.com/support/security/ 


        This security advisory closes Caldera incidents sr864231, 
        erg501574. 




5. Disclaimer 


        Caldera International, Inc. is not responsible for the misuse 
        of any of the information we provide on this website and/or 
        through our security advisories. Our advisories are a service 
        to our customers intended to promote secure installation and 
        use of Caldera products. 


______________________________________________________________________________ 






